blueprint-platform/docs/consumption/gitea-nuget-feed-validation.md

# Gitea NuGet Feed Validation

## Purpose

Validate that Gitea can be used as the package registry for cross-repo consumption in greenfield.

## Validated Environment

- Date: 2026-02-25
- Gitea URL: `http://192.168.68.156:3000`
- Organization feed: `http://192.168.68.156:3000/api/packages/AgileWebs/nuget/index.json`
- Auth mode: Basic auth using Gitea login + token

## Prerequisites

- `AGILE_GITEA_URL` is set
- `AGILE_GITEA_TOKEN` is set
- Account has package publish permissions in `AgileWebs`

## Required NuGet Source Configuration

Because the current feed is HTTP, source entries must allow insecure connections.

```xml
<packageSources>
  <clear />
  <add key="gitea-org" value="http://192.168.68.156:3000/api/packages/AgileWebs/nuget/index.json" allowInsecureConnections="true" />
  <add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
</packageSources>
<packageSourceCredentials>
  <gitea-org>
    <add key="Username" value="<gitea-login>" />
    <add key="ClearTextPassword" value="<gitea-token>" />
  </gitea-org>
</packageSourceCredentials>
```

## Smoke Test Result

The following flow was executed successfully:

1. Create temporary package `AgileWebs.Nuget.Smoke`.
2. Pack and push to org feed.
3. Create clean consumer project.
4. Restore consumer with package from Gitea feed.

Result: **PASS**

## Troubleshooting

- Error: `NuGet requires HTTPS sources`.
  - Cause: HTTP feed without insecure override.
  - Fix: add `allowInsecureConnections="true"` in `nuget.config`.

- Error: `401 Unauthorized` on push/restore.
  - Cause: invalid token or missing package permission.
  - Fix: validate token with `GET /api/v1/user` and retry.

## Operational Recommendation

- Keep this setting only while feed is HTTP.
- Move feed to HTTPS to remove insecure source exception.